# Default values for gitlab/gitlab chart

## NOTICE
# Due to the scope and complexity of this chart, all possible values are
# not documented in this file. Extensive documentation for these values
# and more can be found at https://gitlab.com/charts/gitlab/

## Advanced Configuration
# Documentation for advanced configuration can be found under doc/advanced
# - external PostgreSQL
# - external Gitaly
# - external Redis
# - external NGINX
# - PersistentVolume configuration
# - external Object Storage providers 

## The global properties are used to configure multiple charts at once.
## Extended documenation at doc/charts/globals.md
global:
  edition: ce
  gitlabVersion: {{ gitlab_version }}
  ## GitLab operator is Alpha. Not for production use.
  operator:
    enabled: false

  ## doc/charts/globals.md#configure-host-settings
  hosts:
    domain: {{ gitlab.domain }}
    # hostSuffix:
    https: false

  communityImages:
    migrations:
      repository: {{ gitlab_rails_ce_repo }}
      tag: v{{ gitlab_version }}
    sidekiq:
      repository: {{ gitlab_sidekiq_ce_repo }}
      tag: v{{ gitlab_version }}
    task-runner:
      repository: {{ gitlab_task_runner_ce_repo }}
      tag: v{{ gitlab_version }}
    unicorn:
      repository: {{ gitlab_unicorn_ce_repo }}
      tag: v{{ gitlab_version }}
      workhorse:
        repository: {{ gitlab_workhorse_ce_repo }}
        tag: v{{ gitlab_version }}

  ## doc/charts/globals.md#configure-ingress-settings
  ingress:
    configureCertmanager: false
    annotations: {}
    enabled: true
    tls:
      enabled: false

  ## doc/charts/globals.md#configure-gitaly-settings
  gitaly:
    authToken: {}
      # secret:
      # key:
    internal:
      names: ['default']
    external: []

  ## doc/charts/globals.md#configure-minio-settings
  minio:
    enabled: true
    persistence:
      size: 10Gi
    credentials: {}
      # secret:

  grafana:
    enabled: false

  ## doc/charts/globals.md#configure-appconfig-settings
  ## Rails based portions of this chart share many settings
  appConfig:
    ## doc/charts/globals.md#general-application-settings
    enableUsagePing: true
    enableImpersonation:
    defaultCanCreateGroup: true
    usernameChangingEnabled: true
    issueClosingPattern:
    defaultTheme:
    defaultProjectsFeatures:
      issues: true
      mergeRequests: true
      wiki: true
      snippets: true
      builds: true
    webhookTimeout:

    ## doc/charts/globals.md#gravatarlibravatar-settings
    gravatar:
      plainUrl:
      sslUrl:

    ## doc/charts/globals.md#hooking-analytics-services-to-the-gitlab-instance
    extra:
      googleAnalyticsId:
      piwikUrl:
      piwikSiteId:

    ## doc/charts/globals.md#lfs-artifacts-uploads-packages
    lfs:
      bucket: git-lfs
      connection: {}
        # secret:
        # key:
    artifacts:
      bucket: gitlab-artifacts
      connection: {}
        # secret:
        # key:
    uploads:
      bucket: gitlab-uploads
      connection: {}
        # secret:
        # key:
    packages:
      bucket: gitlab-packages
      connection: {}

    externalDiffs:
      when:
      bucket: gitlab-mr-diffs
      connection: {}
    ## doc/charts/globals.md#pseudonymizer-settings
    pseudonymizer:
      configMap:
      bucket: gitlab-pseudo
      connection: {}
        # secret:
        # key:
    backups:
      bucket: gitlab-backups
      tmpBucket: tmp

    ## doc/charts/globals.md#incoming-email-settings
    ## doc/installation/deployment.md#incoming-email
    incomingEmail:
      enabled: false
      address: ""
      host: "imap.gmail.com"
      port: 993
      ssl: true
      startTls: false
      user: ""
      password:
        secret: ""
        key: password
      mailbox: inbox
      idleTimeout: 60

    ## doc/charts/globals.md#ldap
    ldap:
      servers:
      ## 'main' is the GitLab 'provider ID' of this LDAP server
        main:
          label: 'LDAP'
          host: 'openldap.kubesphere-system.svc'
          port: 389
          uid: 'uid'
          bind_dn: 'cn=admin,dc=kubesphere,dc=io'
          password:
            secret: openldap-secret
            key: password
          base: 'dc=kubesphere,dc=io'
          encryption: 'plain'

    ## doc/charts/globals.md#omniauth
    omniauth:
      enabled: false
      autoSignInWithProvider:
      syncProfileFromProvider: []
      syncProfileAttributes: ['email']
      allowSingleSignOn: ['saml']
      blockAutoCreatedUsers: true
      autoLinkLdapUser: false
      autoLinkSamlUser: false
      externalProviders: []
      providers: []
      # - secret: gitlab-google-oauth2
      #   key: provider
  ## End of global.appConfig

  ## doc/charts/globals.md#configure-gitlab-shell-settings
  shell:
    authToken: {}
      # secret:
      # key:
    hostKeys: {}
      # secret:

  ## Rails application secrets 
  ## Secret created according to doc/installation/secrets.md#gitlab-rails-secret
  ## If allowing shared-secrets generation, this is OPTIONAL.
  railsSecrets: {}
    # secret:

  ## doc/charts/globals.md#configure-registry-settings
  registry:
    bucket: registry
    certificate: {}
      # secret:
    httpSecret: {}
      # secret:
      # key:

  ## GitLab Runner
  ## Secret created according to doc/installation/secrets.md#gitlab-runner-secret
  ## If allowing shared-secrets generation, this is OPTIONAL.
  runner:
    registrationToken: {}
      # secret:

  ## doc/installation/deployment.md#outgoing-email
  ## Outgoing email server settings
  smtp:
    enabled: false
    address: smtp.mailgun.org
    port: 2525
    user_name: ""
    ## doc/installation/secrets.md#smtp-password
    password:
      secret: ""
      key: password
    # domain:
    authentication: "plain"
    starttls_auto: false
    openssl_verify_mode: "peer"

  ## doc/installation/deployment.md#outgoing-email
  ## Email persona used in email sent by GitLab
  email:
    from: ''
    display_name: GitLab
    reply_to: ''
    subject_suffix: ''

  ## Timezone for containers.
  time_zone: PRC

  ## Global Service Annotations
  service:
    annotations: {}

  antiAffinity: soft

  ## doc/installation/secrets.md#gitlab-workhorse-secret
  workhorse: {}
    # secret:
    # key:

  ## doc/charts/globals.md#custom-certificate-authorities
  # configuration of certificates container & custom CA injection
  certificates:
    image:
      repository: {{ alpine_certificates_repo }}
      tag: {{ alpine_certificates_tag }}
    customCAs: []
    # - secret: custom-CA
    # - secret: more-custom-CAs

  kubectl:
    image:
      repository: {{ gitlab_kubectl_repo }}
      tag: {{ gitlab_kubectl_tag }}
      pullSecrets: []
## End of global

upgradeCheck:
  enabled: true
  image:
    repository: {{ busybox_repo }}
    tag: {{ gitlab_busybox_tag }}
  securityContext:
    # in alpine/debian/busybox based images, this is `nobody:nogroup`
    runAsUser: 65534
    fsGroup: 65534
  tolerations: []

## Installation & configuration of stable/cert-manager
## See requirements.yaml for current version
certmanager:
  # Install cert-manager chart. Set to false if you already have cert-manager
  # installed or if you are not using cert-manager.
  install: false
  # Other cert-manager configurations from upstream
  # See https://github.com/kubernetes/charts/tree/master/stable/cert-manager#configuration
  rbac:
    create: true

## doc/charts/nginx/index.md
## doc/architecture/decisions.md#nginx-ingress
## Installation & configuration of charts/nginx
nginx-ingress:
  enabled: true
  # tcpExternalConfig: "true"
  controller:
    image:
      repository: {{ nginx_ingress_controller_repo }}
      tag: "{{ nginx_ingress_controller_tag }}"
    service:
      externalTrafficPolicy: "Cluster"
      type: NodePort
      nodePorts:
        http: 30080
        https: 30443
    replicaCount: 1
    minAvailable: 1
  defaultBackend:
    image:
      repository: {{ defaultbackend_repo }}
      tag: "{{ defaultbackend_tag }}"
    minAvailable: 1
    replicaCount: 1
  rbac:
    create: true
  serviceAccount:
    create: true

## Installation & configuration of stable/prometheus
## See requirements.yaml for current version
prometheus:
  install: false
  rbac:
    create: true
  alertmanager:
    enabled: false
  alertmanagerFiles:
    alertmanager.yml: {}
  kubeStateMetrics:
    enabled: false
  nodeExporter:
    enabled: false
  pushgateway:
    enabled: false

## Configuration of Redis
## doc/architecture/decisions.md#redis
## doc/charts/redis
redis:
  enabled: true
  image:
    repository: {{ redis_repo }}
    tag: "{{ redis_tag }}"
  init:
    image: {{ busybox_repo }}
    tag: {{ busybox_tag }}
  metrics:
    image: {{ redis_exporter_repo }}
    imageTag: "{{ redis_exporter_tag }}"

## doc/architecture/decisions.md#redis-ha
## doc/charts/redis-ha
redis-ha:
  enabled: false
  nameOverride: redis
  image:
    repository: {{ gitlab_redis_ha_repo }}
    tag: {{ gitlab_redis_ha_tag }}
    pullPolicy: IfNotPresent
  init:
    image: {{ busybox_repo }}
    tag: {{ busybox_tag }}
  metrics:
    image: {{ redis_exporter_repo }}
    imageTag: {{ redis_exporter_tag }}
## Instllation & configuration of stable/prostgresql
## See requirements.yaml for current version
postgresql:
  install: true
  postgresUser: gitlab
  postgresDatabase: gitlabhq_production
  image: {{ postgres_repo }}
  imageTag: {{ postgres_tag }}
  usePasswordFile: true
  existingSecret: 'secret'
  metrics:
    enabled: true
    image: {{ postgres_exporter_repo }}
    imageTag: {{ postgres_exporter_tag }}
    ## Optionally define additional custom metrics
    ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file

## Installation & configuration charts/registry
## doc/architecture/decisions.md#registry
## doc/charts/registry/
registry:
  enabled: true
  image:
    repository: {{ registry_repo }}
    tag: {{ registry_tag }}
  init:
    image: {{ busybox_repo }}
    tag: {{ busybox_tag }}
  hpa:
    minReplicas: 1
    maxReplicas: 1
  resources:
    requests:
      cpu: 50m
      memory: 32Mi

## Automatic shared secret generation
## doc/installation/secrets.md
## doc/charts/shared-secrets
shared-secrets:
  enabled: true
  rbac:
    create: true
  selfsign:
    repository: {{ cfssl_self_sign_repo }}
    tag: {{ cfssl_self_sign_tag }}
    pullPolicy: IfNotPresent

## Installation & configuration of gitlab/gitlab-runner
## See requirements.yaml for current version
gitlab-runner:
  install: false
  rbac:
    create: true
  runners:
    locked: false
    cache:
      cacheType: s3
      s3BucketName: runner-cache
      cacheShared: true
      s3BucketLocation: us-east-1
      s3CachePath: gitlab-runner
      s3CacheInsecure: false

## Settings for individual sub-charts under GitLab
## Note: Many of these settings are configurable via globals
gitlab:
  ## doc/charts/gitlab/gitaly
  gitaly:
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}
    image:
      repository: {{ gitaly_repo }}
      tag: {{ gitaly_tag }}
      pullPolicy: IfNotPresent
    persistence:
      size: 10Gi    

  ## doc/charts/gitlab/gitlab-shell
  gitlab-shell:
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}
    image:
      repository: {{ gitlab_shell_repo }}
      tag: {{ gitlab_shell_tag }}

  mailroom:
    image:
      repository: {{ gitlab_mailroom_repo }}
      tag: {{ gitlab_mailroom_tag }}
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}

  ## doc/charts/gitlab/migrations
  migrations:
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}

  operator:
    image:
      repository: {{ gitlab_operator_repo }}
      tag: {{ gitlab_operator_tag }}
      pullPolicy: IfNotPresent
  gitlab-exporter:
    image:
      repository: {{ gitlab_exporter_repo }}
  ## doc/charts/gitlab/sidekiq
  sidekiq:
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}

  task-runner:
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}

  ## doc/charts/gitlab/unicorn
  unicorn:
    init:
      image: {{ busybox_repo }}
      tag: {{ busybox_tag }}

minio:
  imagePullPolicy: "IfNotPresent"
  init:
    image: {{ busybox_repo }}
    tag: {{ busybox_tag }}
  minioMc:
    image: {{ mc_repo }}
    tag: RELEASE.2018-07-13T00-53-22Z
  image: {{ minio_repo }}
  imageTag: RELEASE.2017-12-28T01-21-00Z
  securityContext:
    runAsUser: 0
    fsGroup: 0

